Solar power system inverter error code that indicates that the voltage on the grid is too high. The security of power grids even if they have been attacked from cyberspace by hostile actors is not even mentioned in CISA’s plan to protect critical “Physical” infrastructure. (photo by the author) The US Cybersecurity and Infrastructure Security […]
Tag: Industrial Cybersecurity
Anybody listening? Another report of a cyber attack on Industrial Automation and Control Systems.
“Everybody talks, nobody listens. Good listeners are as rare as white crows” – Helen Keller Wired[1] cites a Dragos report[2] on a cyber-attack on ICS with affect on well-being of society. The attack was performed using the MODBUS protocol[3] and was able to manipulate ICS devices (ENCON PLC) to cause heating systems to fail in […]
Having a framework for a boat does not guarantee that it will float or sail well.
The above is a drawing of the framework of the 17th Century Swedish warship “Vasa”. The design of the bottom was too shallow and caused the ship to tip over when it tried to sail out of port. Lately governments have been issuing cybersecurity policy documents that are shallow in their depth of understanding of […]
State of ICS Cybersecurity and Critical Infrastructure: Half empty, Half full, or Stay Focused on the Quest?
A colleague recently expressed some dismay over the lack of progress in ICS cybersecurity in the past 20 years. He has a point, but I had to respond. Below is a copy of my response and hope it will be taken as something “for the good of the Order”. “Yeah I hear ya, but the […]
School of Industrial Cybersecurity: time to review the curriculum
It is hard sometimes for me to watch the discussions on critical infrastructure protection taking place these days. Especially when it comes to cybersecurity practices and policies. The conferences, announcements of new national cybersecurity strategies, pronouncements of industry opinion leaders on the media, government publications on best practices, guides, books and last of all vendor […]
Cybergs sighted: course correction required for critical infrastructure protection
“Engineer Scott, please report to the bridge immediately” Frequently heard in some 1960’s era TV shows Are we being encouraged to implement the right measures for protecting the technologies used to monitor and control physical processes found in critical infrastructure or have we hit a cyberg[1]? This is the question I asked myself when first […]
Sometimes giving a speech is better than issuing a memorandum
“I believe that this nation should commit itself to achieving the goal, before this decade is out, of landing a man on the moon and returning him safely to the earth. No single space project in this period will be more impressive to mankind, or more important for the long-range exploration of space; and none […]
Lack of security at Level 0/1: problem of awareness or unwillingness to change priorities?
To be honest I was planning to write about unintentional cyber incidents in critical infrastructure and the need to pull away some of our attention from the sexy topic of cyber-attacks and cyber kill-chains. I changed my mind when I read Dale Peterson’s informative article on “Awareness Of Purdue Level 0 and 1 (In)Security” and […]